Closed GeertThijs closed 2 years ago
Simplified class diagram to illustrate the proposed solution:
This was done accordingly, notwithstanding that the legal validity issue can still have other implications on the use of LegalBasis within the model.
Description The PersonalDataHandling class from the DPV ontology is introduced in the model (which mostly is based on the GConsent Ontology). PersonalDataHandling has an attribute legalBasis to point to the LegalBasis on which the handling (being the Processing for some Purpose) is based. LegalBasis has several subclasses and Consent is one of them (others are: Contract, LegalObligation, VitalInterest etc.). So, while DPV::PersonalDataHandling.legalBasis points to an instance of a LegalBasis like a Consent or a Contract, OSLO::PersonalDataHandling points to a LegalResource, eg an article in the GDPR. If this was intentionally, better change the name of the attribute to avoid confusion. Remark that OSLO::Consent.isGivenFor(PersonalDataHandling) is actually the inverse of DPV::PersonalDataHandling.legalBasis although specialised for Consents only. It would be interesting for future reuse of OSLO::PersonalDataHandling in other contexts than Consent (PersonalDataHandling eg for Contracts, LegalObligations etc.) to stay with the DPV approach.
Solution Add LegalBasis as a superclass of Consent, repurpose legalBasis as an association with LegalBasis and rename the original attribute.